In 1996, a physicist named Alan Sokol published an article in Social Text, a cultural studies journal.  It was called “Transgressing the Boundaries: Toward a Transformative Hermeneutics of Quantum Gravity,” and as the name suggests, it’s pretty impenetrable.  You can check it out here.  Soon after it came out, he published an article in the now-defunct Lingua Franca, saying that the first article had been a hoax.  He said he did it to see if the journal “publish an article liberally salted with nonsense if (a) it sounded good and (b) it flattered the editors’ ideological preconceptions.”

I remember feeling pretty sympathetic to the Social Text editors at the time — which was before I was immersed in legal academia, where most of the law reviews are run by students and don’t perform what other fields would recognize as formal peer review.  Publishing an article doesn’t mean that the journal editors agree with everything it says, and no doubt the Social Text editors had little experience dealing with physics.  Sure, they could have sent it to other physicists, but in the meantime they probably welcomed what looked like a rare attempt by someone from the hard sciences to communicate with an otherwise-alien audience, even if the person was deemed an apostate by his colleagues.  Moreover, being of the postmodern deconstructionist bent, they gleaned a lot from the text — no doubt more than what its insincere author had put in.  (As Wiki says they put it: “its status as parody does not alter, substantially, our interest in the piece, itself, as a symptomatic document.”)

I was reminded of the Sokal Affair when I read Thomas Ryan’s presentation to the 2010 Black Hat conference about one Robin Sage.  This isn’t the U.S. special ops training exercise conducted each year, but rather a fake identity the author created on LinkedIn and elsewhere.

The author says he intentionally chose the photo of a young, attractive woman in order to better do what he did next: friend a bunch of security professionals on LinkedIn.  He says that Robin’s success in social networking said something about the security chops of those who friended her.

I’m not so sure.  He convincingly writes that her profile’s credibility could be debunked with a little Internet sleuthing, but I don’t think it’s surprising that many social network users regularly go to such lengths.  Some people are picky about from whom they allow connections; others are content to accept anything that looks like it’s not a spammer — and Robin was not.

Ryan includes some snippets of messages that Robin received from her new connections.  One asked her to review a paper he was writing; another complimented her on her looks; another pointed out a job opportunity.  I’m not sure any of these is troublesome.  Ryan figures that if the paper were shared and was pre-publication, a malevolent person behind the Robin persona could have passed it off as his or her own.  That’s a bit of a reach.  Yes, anything can happen, but there are risks in any communication or interaction with a stranger or mere acquaintance.  Ryan says in his paper’s summary that Robin was offered “gifts, government and corporate jobs, and options to speak at a variety of security conferences.”  But when that’s unpacked in the main text, it’s all very tentative — pointing out a job opportunity is not the same as offering a job, and suggesting interest in a conference is not the same as vetting the presentation should the interest be reciprocated.  There’s an intriguing section of the paper about the gender dynamic — Ryan intentionally chose a young, attractive woman as Robin’s avatar, ’and suggests that “Whether these same reactions would have been elicited towards another male is questionable. It can be put forth that Robins appearance and gender played a key role in many people’s comfort level.”

There’s some interesting research on this sort of thing, such as a study by researchers at the University of Wisconsin in which identical resumes were sent for academic jobs with only the names switched from one gender to another.  They found that men were given more opportunities than their identical women counterparts.  At the very least, gender comfort level can cut both ways, and Ryan’s experiment was, I think even by his own account, as casual as Alan Sokol’s with Social Text.  It’s more to make a provocation than to actually investigate gender bias or sloppy intellectual work, respectively.

The Robin Sage experiment — and the lessons we’re supposed to draw from it — interest me because I’m interested in the ways in which kindness among strangers can be crucial to the world being a good place to live — and the Internet functioning at all.  It’s not surprising that a security professional would conduct an experiment in which people were duped into friending someone who wasn’t real and then conclude that those people were observing security practices that were too lax.  But the more you think about it, the more you can think of all sorts of similar experiments: offer to help someone with his or her shopping bags, and then drop them.  See someone taking a picture of his friends in a park, offer to do it so he can join the picture, and then run away with the camera.  Hold a door for someone, and then hit them from behind.  Should an experimenter do any of these, would the lesson be about the gullibility of the target or the cruelty of the experimenter?

To be sure, Ryan’s experiment was conducted among fellow security professionals.  He suggests that Robin’s fake job description suggested that she held a U.S. federal government security clearance — so other people with clearances might be misled into sharing classified information with her.  But there’s no reason to think that people would spill secrets under those circumstances any more than you’d write a check for $5,000 or give your home address to a brand new “friend” on Facebook.

The beauty of social networks like LinkedIn or Facebook is that they allow a level of connection with someone that has no easy real-world analogue.  LinkedIn can be for colleagues and friends, but it also can include faraway students who want to connect with a professor they’ve never met — and maybe never will — or any number of other configurations.  Just because Wikipedia allows anyone to edit most of its pages, doesn’t mean that it innately and permanently trusts every edit.  The system is set up to be able to revert the work of vandals, and any example of how “easy” it is to vandalize a Wikipedia page is beside the point.  The idea there is that there are more people quickly responding to vandals than there are vandals — so an open system functions.  Similarly, so long as we don’t share more than we mean to, the presence of strangers among our LinkedIn colleagues or even Facebook friends shouldn’t be a red flag.  More might be gained from “friends we haven’t met” than lost to the occasional bad actor.

So: pleased to meet you, Thomas Ryan — if that’s who you really are.  And even if it’s not.  …JZ